US government approves sharing of cyber threat info among companies

(Credit: Wikimedia Commons / Coolcaesar)The Robert F. Kennedy Department of Justice Building in Washington, D.C., headquarters of the United States Department of Justice.

The United States Department of Justice and the Federal Trade Commission said American businesses can share most cyberthreat information with competitors without facing antitrust enforcement action.

Properly shared cyberthreat information isn't likely to raise antitrust concerns from either, both agencies said in a joint policy statement.

"This is an antitrust no-brainer. Companies who engage in properly designed cyberthreat information sharing will not run afoul of the antitrust laws," said Bill Baer, the assistant attorney general in charge of the DOJ's Antitrust Division.

"This means that as long as companies don't discuss competitive information such as pricing and output when sharing cybersecurity information, they're OK."

Information sharing is a way companies can help protect themselves against cyberthreats, Baer said. He noted this kind of information sharing is good public policy.

The government clarification came after some companies asked whether exchanging that type of information would lead to antitrust scrutiny. The Information Technology Industry Council, a trade group, mentioned antitrust concerns as an impediment to cyberthreat sharing in a January 2012 position paper focused on cybersecurity legislation debated in Congress at that time.

Sharing the information could open companies up to lawsuits alleging that information shared is an effort to harm competition. The government's policy statement is an effort to reduce those concerns, representatives of the agencies said.

"Some companies have told us that concerns about antitrust liability have been a barrier to being able to openly share cyberthreat information with each other," Deputy Attorney General James Cole said.